I found an old patch on my disk to enable SSL over Unix-domain sockets.
Remember, about a year ago it was discussed that there might also be man-in-the-middle or fake-server attacks using Unix-domain sockets, because usually anyone can start a server in /tmp. After an extensive discussion (mainly about moving the socket out of /tmp by default; please don't start that again), it was determined that using SSL server verification would be the proper solution and it fact works without problems. Except that the start-up overhead was increased significantly (because of the initial key exchange and session key setup etc.).
Back then we didn't really have a good solution, but I figured since 8.4 rearranges the SSL connection parameters anyway, we could stick that in there.
I imagine for example, we could invent an additional sslmode of the sort prefer-but-not-if-local-socket, which could be the default.
The other question is whether sslverify=cn makes sense, but that may be up to the user to find out.
Comments? -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
